CVE-2021-42954
Published: Nov 17, 2021
Modified: Aug 4, 2024
CVSS v3.1
7.8
Description
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
Attack Complexity
Attack Vector
Availability
Confidentiality
Integrity
Privileges Required
Scope
User Interaction
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now